devbox
你好赵伟
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

【漏洞修复】docker 环境下,AMQP Cleartext认证漏洞,rabbitmq明文漏洞修复,超详细_rabbitmq漏洞复现

作者:你好赵伟 | 2024-04-12 17:09:03

rabbitmq漏洞复现

docker rabbitmq amqp明文验证 漏洞

目录

1、拷贝docker配置文件到本地

2、重新启动容器:

3、添加SSL插件:

4、查看启动结果

5、基于CMF-AMQP-Configuration来生成SSL自签名文件

6、使用JDK的Keytool工具,将服务器公钥转换为JKS格式

7、创建etc/rabbitmq/rabbitmq.conf(如果不存在)

8、添加证书登录用户

9、验证证书有效性

1、拷贝docker配置文件到本地

通过docker ps 命令,查看CONTAINER ID

如:

  1. docker cp 1ff:/etc/rabbitmq/conf.d /etc/rabbitmq/
  2.  
  3. docker cp 1ff:/etc/rabbitmq/enabled_plugins /etc/rabbitmq/

2、重新启动容器:

如:

docker run -dit --name rabbitmqserver -v /etc/rabbitmq:/etc/rabbitmq -e RABBITMQ_DEFAULT_USER=root -e RABBITMQ_DEFAULT_PASS=123456 -p 15672:15672 -p 5672:5672 -p 5671:5671 rabbitmq:management

3、添加SSL插件:

部署完成后,docker exec进入容器,在容器中添加插件才能启用SSL验证的功能

进入docker:

docker exec -it f12 /bin/sh

rabbitmq-plugins enable rabbitmq_auth_mechanism_ssl

4、查看启动结果

rabbitmq-plugins list

[E*] rabbitmq_auth_mechanism_ssl 表示成功

  1. rabbitmq-plugins list
  2. Listing plugins with pattern ".*" ...
  3.  Configured: E = explicitly enabled; e = implicitly enabled
  4.  | Status: * = running on rabbit@f2d5bbd9c4ac
  5.  |/
  6. [  ] rabbitmq_amqp1_0                  3.10.5
  7. [  ] rabbitmq_auth_backend_cache       3.10.5
  8. [  ] rabbitmq_auth_backend_http        3.10.5
  9. [  ] rabbitmq_auth_backend_ldap        3.10.5
  10. [  ] rabbitmq_auth_backend_oauth2      3.10.5
  11. [E*] rabbitmq_auth_mechanism_ssl       3.10.5
  12. [  ] rabbitmq_consistent_hash_exchange 3.10.5
  13. [  ] rabbitmq_event_exchange           3.10.5
  14. [  ] rabbitmq_federation               3.10.5
  15. [  ] rabbitmq_federation_management    3.10.5
  16. [  ] rabbitmq_jms_topic_exchange       3.10.5
  17. [E*] rabbitmq_management               3.10.5
  18. [e*] rabbitmq_management_agent         3.10.5
  19. [  ] rabbitmq_mqtt                     3.10.5
  20. [  ] rabbitmq_peer_discovery_aws       3.10.5
  21. [  ] rabbitmq_peer_discovery_common    3.10.5
  22. [  ] rabbitmq_peer_discovery_consul    3.10.5
  23. [  ] rabbitmq_peer_discovery_etcd      3.10.5
  24. [  ] rabbitmq_peer_discovery_k8s       3.10.5
  25. [E*] rabbitmq_prometheus               3.10.5
  26. [  ] rabbitmq_random_exchange          3.10.5
  27. [  ] rabbitmq_recent_history_exchange  3.10.5
  28. [  ] rabbitmq_sharding                 3.10.5
  29. [  ] rabbitmq_shovel                   3.10.5
  30. [  ] rabbitmq_shovel_management        3.10.5
  31. [  ] rabbitmq_stomp                    3.10.5
  32. [  ] rabbitmq_stream                   3.10.5
  33. [  ] rabbitmq_stream_management        3.10.5
  34. [  ] rabbitmq_top                      3.10.5
  35. [  ] rabbitmq_tracing                  3.10.5
  36. [  ] rabbitmq_trust_store              3.10.5
  37. [e*] rabbitmq_web_dispatch             3.10.5
  38. [  ] rabbitmq_web_mqtt                 3.10.5
  39. [  ] rabbitmq_web_mqtt_examples        3.10.5
  40. [  ] rabbitmq_web_stomp                3.10.5
  41. [  ] rabbitmq_web_stomp_examples       3.10.5

5、基于CMF-AMQP-Configuration来生成SSL自签名文件

下载CMF-AMQP-Configuration

git clone https://github.com/Berico-Technologies/CMF-AMQP-Configuration.git

进入CMF-AMQP-Configuration/ssl目录

cd CMF-AMQP-Configuration/ssl

修改配置,生成证书10年有效期

  1. sed -i "s/valid=365/valid=3650/g" create_client_cert.sh
  2.  
  3. sed -i "s/valid=365/valid=3650/g" make_server_cert.sh
  4.  
  5. sed -i "s/valid=365/valid=3650/g" setup_ca.sh
  6.  
  7. sed -i "s/default_days = 365/default_days = 3650/g" openssl.cnf

生成ca证书,“MyRabbitMQCA”为自定义名称,名称任意。在当前目录下生成ca目录

sh setup_ca.sh testbmsca

生成服务端证书,第一个参数是服务端证书前缀,第二个参数是密码。密码任意,在当前目录下生成server目录

sh make_server_cert.sh rabbitmq-server 123456 #123456为自定义密码

生成客户端证书,第一个参数是客户端证书前缀(同时也是rabbitmq用户名),第二个参数是密码。密码任意,在当前目录下生成client目录

sh create_client_cert.sh rabbitmq-client 654321  #654321为自定义密码

复制文件到服务器/etc/rabbitmq/ssl

1. cacert.pem         # CA证书文件

2. server.cert.pem  # 服务器公钥

3. server.key.pem  # 服务器私钥

6、使用JDK的Keytool工具,将服务器公钥转换为JKS格式

keytool -import -alias rabbitmq-server \

-file server/rabbitmq-server.cert.pem \

-keystore rabbitmqStore -storepass 123456@testbms

# -alias后为别称,-file后是服务端公钥位置,-keystore后是输出JSK证书位置 STORE_PASS任意

7、创建etc/rabbitmq/rabbitmq.conf(如果不存在)

  1. #listeners.tcp.default = 5672 
  2.  
  3. listeners.tcp = none # 关闭非tls的端口
  4.  
  5. listeners.ssl.default=5671  # tls认证监听端口
  6.  
  7. ssl_options.cacertfile=/etc/rabbitmq/ssl/cacert.pem
  8.  
  9. ssl_options.certfile=/etc/rabbitmq//ssl/rabbitmq-server.cert.pem
  10.  
  11. ssl_options.keyfile=/etc/rabbitmq//ssl/rabbitmq-server.key.pem
  12.  
  13. ssl_options.verify=verify_peer
  14.  
  15. ssl_options.fail_if_no_peer_cert=true
  16.  
  17. ssl_options.versions.1=tlsv1.2
  18.  
  19. ssl_options.versions.2=tlsv1.3
  20.  
  21. ssl_options.ciphers.1 = ECDHE-ECDSA-AES256-GCM-SHA384
  22.  
  23. ssl_options.ciphers.2 = ECDHE-RSA-AES256-GCM-SHA384
  24.  
  25. ssl_options.ciphers.3 = ECDHE-ECDSA-AES256-SHA384
  26.  
  27. ssl_options.ciphers.4 = ECDHE-RSA-AES256-SHA384
  28.  
  29. ssl_options.ciphers.5 = ECDHE-ECDSA-DES-CBC3-SHA
  30.  
  31. ssl_options.ciphers.6 = ECDH-ECDSA-AES256-GCM-SHA384
  32.  
  33. ssl_options.ciphers.7 = ECDH-RSA-AES256-GCM-SHA384
  34.  
  35. ssl_options.ciphers.8 = ECDH-ECDSA-AES256-SHA384
  36.  
  37. ssl_options.ciphers.9 = ECDH-RSA-AES256-SHA384
  38.  
  39. ssl_options.ciphers.10 = DHE-DSS-AES256-GCM-SHA384
  40.  
  41. ssl_options.ciphers.11= DHE-DSS-AES256-SHA256
  42.  
  43. ssl_options.ciphers.12 = AES256-GCM-SHA384
  44.  
  45. ssl_options.ciphers.13 = AES256-SHA256
  46.  
  47. ssl_options.ciphers.14 = ECDHE-ECDSA-AES128-GCM-SHA256
  48.  
  49. ssl_options.ciphers.15 = ECDHE-RSA-AES128-GCM-SHA256
  50.  
  51. ssl_options.ciphers.16 = ECDHE-ECDSA-AES128-SHA256
  52.  
  53. ssl_options.ciphers.17 = ECDHE-RSA-AES128-SHA256
  54.  
  55. ssl_options.ciphers.18 = ECDH-ECDSA-AES128-GCM-SHA256
  56.  
  57. ssl_options.ciphers.19= ECDH-RSA-AES128-GCM-SHA256
  58.  
  59. ssl_options.ciphers.20 = ECDH-ECDSA-AES128-SHA256
  60.  
  61. ssl_options.ciphers.21 = ECDH-RSA-AES128-SHA256
  62.  
  63. ssl_options.ciphers.22 = DHE-DSS-AES128-GCM-SHA256
  64.  
  65. ssl_options.ciphers.23 = DHE-DSS-AES128-SHA256
  66.  
  67. ssl_options.ciphers.24 = AES128-GCM-SHA256
  68.  
  69. ssl_options.ciphers.25 = AES128-SHA256
  70.  
  71. ssl_options.ciphers.26 = ECDHE-ECDSA-AES256-SHA
  72.  
  73. ssl_options.ciphers.27 = ECDHE-RSA-AES256-SHA
  74.  
  75. ssl_options.ciphers.28 = DHE-DSS-AES256-SHA
  76.  
  77. ssl_options.ciphers.29 = ECDH-ECDSA-AES256-SHA
  78.  
  79. ssl_options.ciphers.30 = ECDH-RSA-AES256-SHA
  80.  
  81. ssl_options.ciphers.31= AES256-SHA
  82.  
  83. ssl_options.ciphers.32 = ECDHE-ECDSA-AES128-SHA
  84.  
  85. ssl_options.ciphers.33 = ECDHE-RSA-AES128-SHA
  86.  
  87. ssl_options.ciphers.34 = DHE-DSS-AES128-SHA
  88.  
  89. ssl_options.ciphers.35 = DHE-DSS-AES128-SHA256
  90.  
  91. ssl_options.ciphers.36 = ECDH-ECDSA-AES128-SHA
  92.  
  93. ssl_options.ciphers.37 = ECDH-RSA-AES128-SHA
  94.  
  95. ssl_options.ciphers.38 = AES128-SHA
  96.  
  97. auth_mechanisms.1 = EXTERNAL # 使用rabbit-ssl插件进行认证 首先要配置SSL插件
  98.  
  99. #auth_mechanisms.2 = PLAIN # 明文
  100.  
  101. #auth_mechanisms.3 = AMQPLAIN # 明文
  102.  
  103. management.tcp.port = 15672
  104.  
  105. ssl_cert_login_from = common_name # 使用证书种的CN作为登录用户名
  106.  
  107. loopback_users.guest = false

重启动容器

进入容器查看运行环境:rabbitmqctl environment

8、添加证书登录用户

用户名要与客户端证书名称前缀一致

rabbitmqctl add_user 'rabbitmq-client' 'wsajg5df'

添加权限 不要忘记了

rabbitmqctl set_permissions -p "/" "rabbitmq-client" "." "." ".*"

9、验证证书有效性

openssl s_client -connect localhost:5671 \

-cert client/rabbitmq-client.cert.pem \

-key client/rabbitmq-client.key.pem \

-CAfile ca/cacert.pem

 

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/你好赵伟/article/detail/411725
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号